Sort of Random Passwords
jwp at sdchema.UUCP
jwp at sdchema.UUCP
Sun Aug 19 02:44:30 AEST 1984
Forcing "random" passwords on people has a number of problems (as has been
pointed out): they tend to be hard to remember (encouraging people to write
them down), they're often hard to type (encouraging complaints from poor
typists), etc, etc.
It's easy enough to write the code to check the proposed password against the
user's name, room number, building name, etc. Some time ago, code was sent
out by someone over the net [at least I think that's where I got it] to check
passwords alogrithmically against common triples in English. The claim is (I
have not tested it exhaustively) that no word in the on-line dictionary will
pass. I have a feeling (again untested exhaustively) that most common names
won't pass. I am modifying this [if I ever get our mail problems solved] to
reject strings of the same character, simple sequences, etc.
I think this approach gives reasonable security, while allowing the user to
choose their own password which seems to make them happier (which, in turn,
makes my job easier).
John Pierce, Chemistry, UC San Diego
{decvax,sdcsvax}!sdchema!jwp
More information about the Comp.unix.wizards
mailing list